Towson U., National Federation of the Blind re-invent CAPTCHA
Researchers at Towson University and the National Federation of the Blind, based here in Baltimore, have come up with a new and more accessible twist on the CAPTCHA services -- you know, those squiggly, hard-to-read letters us humans are forced to enter in a Web application to verify that we're human and not malicious bots.
CAPTCHA technology has been around for more than 10 years and its history has been a sort of arms race between security geeks and hackers. New types of CAPTCHAs are devised, but hackers can write programs that can "read" the letters and numbers. Meanwhile, people with disabilities can struggle with trying to get past the CAPTCHA security, because they have trouble seeing or hearing the CAPTCHA codes.
Computer viruses have an easier time than people with disabilities in getting past some CAPTCHA systems, according to Towson professor Jonathan Lazar, who worked on the new system with the NFB.
"Unfortunately what happens is it becomes very often not a test of if you're human, but a test of whether you can see," Lazar said. "Basically, computer viruses are twice as successful as blind people on the old captchas. It's a problem, and that's why we've been working on building this."
Here's how the Towson system works: The user is shown both a picture and a sound of an easy to identify object. In the case above, we see birds, drums, lion.
Corresponding sounds for each object are then played for the user, who types in what she hears. Lazar said their algorithms can accept variations of the user input, such as plurals, i.e. bird/birds, drum/drums, lion/lions. This type of security approach works because humans are still far better than computers at recognizing sounds and putting names to them, according to Lazar.
The Towson researchers recently filed a patent application for their system, which they call HIPUU (Human Interacting Proof Universally Usable.)
Who knows -- maybe sometime soon this will become the new standard.
This is an archived version of the technology blog. For updated coverage, see the current baltTech location: baltimoresun.com/balttech